VectorLinux

General Announcements => Security Advisories => Topic started by: caitlyn on January 13, 2009, 04:35:41 pm

Title: 090113 ruby-1.8.6-p187 closes a known security vulnerabilty [VL 5.9, VL 6.0]
Post by: caitlyn on January 13, 2009, 04:35:41 pm
A new, patched version of Ruby is available for VL 5.9, VL 5.9.1, and VL 6.0.  This version "fixes several bugs in the previous Ruby update, including a security issue where the DNS resolver did not randomize the source port and  transaction id sufficiently."  For details see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.371754

A new package for VL 5.9 is currently in the testing repository.  A VL 6.0 package will be available later this evening.